eta_server
/
eta_api


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327
							package services

import (
	"encoding/json"
	"errors"
	"eta/eta_api/models"
	"eta/eta_api/models/company"
	"eta/eta_api/models/system"
	"eta/eta_api/utils"
	"fmt"
	"github.com/go-ldap/ldap"
	"io"
	"net/http"
	"strconv"
	"strings"
	"time"
)

// SendAdminMobileVerifyCode 发送用户手机验证码
func SendAdminMobileVerifyCode(source int, mobile, areaCode string) (ok bool, err error) {
	defer func() {
		if err != nil {
			tips := fmt.Sprintf("SendAdminMobileVerifyCode ErrMsg: %s", err.Error())
			utils.FileLog.Info(tips)
			fmt.Println(tips)
		}
	}()
	smsClient, e := NewSmsClient()
	if e != nil {
		err = fmt.Errorf("NewSmsClient err: %s", e.Error())
		return
	}

	verifyCode := utils.GetRandDigit(6)
	record := new(system.AdminVerifyCodeRecord)
	record.VerifyType = system.AdminVerifyCodeRecordTypeMobile
	record.Mobile = mobile
	record.Source = source
	record.Code = verifyCode
	record.ExpiredTime = time.Now().Add(utils.VerifyCodeExpireMinute * time.Minute)
	record.CreateTime = time.Now().Local()
	record.ModifyTime = time.Now().Local()
	if e := record.Create(); e != nil {
		err = fmt.Errorf("新增验证码记录失败, Err: %s", e.Error())
		return
	}

	var smsReq UserLoginSmsCodeReq
	smsReq.Mobile = mobile
	smsReq.TelAreaCode = areaCode
	smsReq.VerifyCode = verifyCode
	smsResult, e := smsClient.SendUserLoginCode(smsReq)
	if e != nil {
		err = fmt.Errorf("SendUserLoginCode err: %s", e.Error())
		return
	}
	ok = smsResult.Success

	record.SendStatus = system.AdminVerifyCodeRecordStatusSuccess
	if !ok {
		record.SendStatus = system.AdminVerifyCodeRecordStatusFail
	}
	record.RequestId = smsResult.RequestId
	cols := []string{"SendStatus", "RequestId"}
	if e := record.Update(cols); e != nil {
		err = fmt.Errorf("更新验证码记录失败, Err: %s", e.Error())
	}
	return
}

// SendAdminEmailVerifyCode 发送用户邮箱验证码
func SendAdminEmailVerifyCode(source int, email string) (ok bool, err error) {
	defer func() {
		if err != nil {
			tips := fmt.Sprintf("SendAdminEmailVerifyCode ErrMsg: %s", err.Error())
			utils.FileLog.Info(tips)
			fmt.Println(tips)
		}
	}()
	// 读取配置
	confMap, e := models.GetBusinessConf()
	if e != nil {
		err = fmt.Errorf("GetBusinessConf err: %s", e.Error())
		return
	}
	subjectConf := confMap[models.BusinessConfLoginEmailTemplateSubject]
	contentConf := confMap[models.BusinessConfLoginEmailTemplateContent]
	if subjectConf == "" {
		err = fmt.Errorf("请先配置邮件模版主题")
		return
	}
	if contentConf == "" {
		err = fmt.Errorf("请先配置邮件模版内容")
		return
	}
	verifyCode := utils.GetRandDigit(6)
	t := time.Now().Format("2006年01月02日")
	emailContent := contentConf
	emailContent = strings.Replace(emailContent, "{{VERIFY_CODE}}", verifyCode, 1)
	emailContent = strings.Replace(emailContent, "{{EXPIRED_MINUTE}}", strconv.Itoa(utils.VerifyCodeExpireMinute), 1)
	emailContent = strings.Replace(emailContent, "{{DATE_TIME}}", t, 1)

	// 验证码记录
	record := new(system.AdminVerifyCodeRecord)
	record.VerifyType = system.AdminVerifyCodeRecordTypeEmail
	record.Email = email
	record.Source = source
	record.Code = verifyCode
	record.ExpiredTime = time.Now().Add(utils.VerifyCodeExpireMinute * time.Minute)
	record.CreateTime = time.Now().Local()
	record.ModifyTime = time.Now().Local()
	if e := record.Create(); e != nil {
		err = fmt.Errorf("新增验证码记录失败, Err: %s", e.Error())
		return
	}

	var result string
	if confMap[models.BusinessConfEmailClient] == models.BusinessConfEmailClientSmtp {
		// 普通邮箱
		var emailReq SendEmailReq
		emailReq.Title = subjectConf
		emailReq.Content = emailContent
		emailReq.ToUser = append(emailReq.ToUser, email)
		ok, e = SendEmail(emailReq)
		if e != nil {
			err = fmt.Errorf("邮箱推送失败, Err: %s", e.Error())
			return
		}
	} else {
		// 默认阿里云邮箱
		// 读取发信人昵称配置...后面可以优化一下
		authKey := "english_report_email_conf"
		emailConf, e := company.GetConfigDetailByCode(authKey)
		if e != nil {
			err = fmt.Errorf("获取群发邮件权限失败, Err: %s", e.Error())
			return
		}
		if emailConf.ConfigValue == "" {
			err = fmt.Errorf("邮件配置为空, 不可推送")
			return
		}
		conf := new(models.EnglishReportEmailConf)
		if e = json.Unmarshal([]byte(emailConf.ConfigValue), &conf); e != nil {
			err = fmt.Errorf("邮件配置有误, 不可推送")
			return
		}

		req := new(EnglishReportSendEmailRequest)
		req.Subject = subjectConf
		req.Email = email
		req.FromAlias = conf.FromAlias // 发信人昵称
		req.HtmlBody = emailContent

		aliEmail := new(AliyunEmail)
		o, r, e := aliEmail.SendEmail(req)
		if e != nil {
			err = fmt.Errorf("阿里云邮箱推送失败, Err: %s", e.Error())
			return
		}
		ok = o
		result = r
	}

	record.SendStatus = system.AdminVerifyCodeRecordStatusSuccess
	if !ok {
		record.SendStatus = system.AdminVerifyCodeRecordStatusFail
	}
	record.SendResult = result
	cols := []string{"SendStatus", "SendResult"}
	if e = record.Update(cols); e != nil {
		err = fmt.Errorf("更新验证码记录失败, Err: %s", e.Error())
	}
	return
}

// LdapUserCheck AD域用户校验
func LdapUserCheck(userName, password string) (pass bool, err error) {
	defer func() {
		if err != nil {
			tips := fmt.Sprintf("LdapUserCheck ErrMsg: %s", err.Error())
			utils.FileLog.Info(tips)
			fmt.Println(tips)
		}
	}()
	if userName == "" || password == "" {
		err = fmt.Errorf("账号密码有误")
		return
	}
	confMap, e := models.GetBusinessConf()
	if e != nil {
		err = fmt.Errorf("GetBusinessConf err: %s", e.Error())
		return
	}
	if confMap[models.BusinessConfLdapHost] == "" || confMap[models.BusinessConfLdapBase] == "" {
		err = fmt.Errorf("AD域配置有误")
		return
	}
	ldapPort, _ := strconv.Atoi(confMap[models.BusinessConfLdapPort])
	if ldapPort <= 0 {
		err = fmt.Errorf("AD域端口号有误, Port: %d", ldapPort)
		return
	}

	// 连接ldap
	addr := fmt.Sprintf("%s:%d", confMap[models.BusinessConfLdapHost], ldapPort)
	conn, e := ldap.Dial("tcp", addr)
	if e != nil {
		err = fmt.Errorf("ldap Dial err: %s", e.Error())
		return
	}
	defer conn.Close()

	// 绑定用户
	bindUserName := fmt.Sprintf("%s%s", userName, confMap[models.BusinessConfLdapBindUserSuffix])
	if e = conn.Bind(bindUserName, password); e != nil {
		err = fmt.Errorf("ldap Bind err: %s", e.Error())
		return
	}

	// 鉴权操作
	searchRequest := ldap.NewSearchRequest(
		confMap[models.BusinessConfLdapBase],
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		fmt.Sprintf(confMap[models.BusinessConfLdapUserFilter], userName),
		[]string{"dn"},
		nil,
	)
	//b, _ := json.Marshal(searchRequest)
	//fmt.Println("searchRequest: ", string(b))

	sr, e := conn.Search(searchRequest)
	if e != nil {
		err = fmt.Errorf("ldap Search err: %s", e.Error())
		return
	}

	// 验证结果
	if len(sr.Entries) != 1 {
		utils.FileLog.Info("ldap check fail: user does not exist or too many entries returned")
		return
	}
	pass = true
	return
}

func ThirdLogin(req map[string]interface{}) (data GetCrmTokenData, err error, errMsg string) {
	if utils.BusinessCode == utils.BusinessCodeRelease || utils.BusinessCode == utils.BusinessCodeSandbox {
		authCode, ok := req["code"]
		if !ok {
			errMsg = "参数有误"
			err = errors.New("参数缺失, code")
			return
		}
		authCodeStr := fmt.Sprint(authCode)
		if authCodeStr == "" {
			errMsg = "参数有误"
			err = errors.New("参数缺失, AuthCode")
			return
		}

		data, err = CodeLoginFromMiddleServer(authCodeStr)

		return
	}

	data, err = ThirdCodeLoginFromMiddleServer(req)

	// 普通的第三方

	return
}

// ThirdCodeLoginFromMiddleServer 中间服务-编码登录
func ThirdCodeLoginFromMiddleServer(param map[string]interface{}) (tokenResp GetCrmTokenData, err error) {
	data, e := json.Marshal(param)
	if e != nil {
		err = fmt.Errorf("data json marshal err: %s", e.Error())
		return
	}

	body := io.NopCloser(strings.NewReader(string(data)))
	client := &http.Client{}
	req, e := http.NewRequest("POST", utils.EtaBridgeLoginUrl, body)
	if e != nil {
		err = fmt.Errorf("http create request err: %s", e.Error())
		return
	}

	contentType := "application/json;charset=utf-8"
	req.Header.Set("Content-Type", contentType)
	req.Header.Set("Authorization", utils.CrmEtaAuthorization)
	resp, e := client.Do(req)
	if e != nil {
		err = fmt.Errorf("http client do err: %s", e.Error())
		return
	}
	defer func() {
		_ = resp.Body.Close()
	}()
	b, e := io.ReadAll(resp.Body)
	if e != nil {
		err = fmt.Errorf("resp body read err: %s", e.Error())
		return
	}
	if len(b) == 0 {
		err = fmt.Errorf("resp body is empty")
		return
	}
	// 生产环境解密, 注意有个坑前后的双引号
	if utils.RunMode == "release" {
		str := string(b)
		str = strings.Trim(str, `"`)
		b = utils.DesBase64Decrypt([]byte(str), utils.DesKey)
	}

	result := new(GetCrmTokenDataResp)
	if e = json.Unmarshal(b, &result); e != nil {
		err = fmt.Errorf("result unmarshal err: %s\nresult: %s", e.Error(), string(b))
		return
	}
	if result.Code != 200 {
		err = fmt.Errorf("result: %s", string(b))
		return
	}
	tokenResp = result.Data
	return
}